The disclosures herein relate in general to information processing systems and in particular to a system and method for securing operation of a computer system.
In an example personal computer ("PC") system, a human user enters one or more passwords in order to read information from a computer-readable medium of the system, write information to the computer-readable medium, and cause the system to perform various operations such as executing applications software. In that manner, the passwords help to guard against theft of the PC system, especially if the PC system is a laptop computer system. In one example, the passwords include a user password, an administrative password, and a master password.
According to a previous technique, if the user forgets the user password, the user may contact the system's manufacturer to learn the master password. After learning the master password, the user may specify a new user password. Accordingly, it is preferable that the master password be unique to each system.
Such uniqueness may be achieved by computing the master password according to a procedure (e.g. formula, algorithm) that is shared by numerous systems produced by the manufacturer, but which uses a particular system's unique serial number as an operand. Nevertheless, if the serial number is printed on the outside of each system or is otherwise readily published, then security would be compromised if the user learns the procedure, because (upon learning the procedure) the user would be able to read the serial number (and compute the master password) for any system that shares the procedure. Accordingly, a shortcoming of such a previous technique is that (a) employees of the manufacturer may fail to properly maintain confidentiality of the procedure; and (b) a user may reverse engineer the procedure by obtaining master passwords for multiple systems, as for example if the user purchases multiple systems.
Accordingly, a need has arisen for a system and method for securing a computer system, in which various shortcomings of previous techniques are overcome. More particularly, a need has arisen for a system and method for securing a computer system, in which a user is less likely to know a procedure and operand for computing a password. Also, a need has arisen for a system and method for securing a computer system in which, if security of a master password procedure (and its operand) has been compromised by a breach of confidentiality, the negative effect of such compromise is readily addressed and temporary.
One embodiment, accordingly, provides for a computer system that includes circuitry for selecting among first and second parameters in response to a command. The parameters are for use in computing a password. The circuitry is for reading content of the selected parameter from a computer-readable medium and computing the password in response thereto. The password computed in response to content of the first parameter is different from the password computed in response to content of the second parameter. Also, the circuitry is for concealing the password from a user of the computer system.
A principal advantage of this embodiment is that (a) various shortcomings of previous techniques are overcome, (b) a user is less likely to know a procedure and operand for computing a password, and (c) if security of a master password procedure (and its operand) has been compromised by a breach of confidentiality, the negative effect of such compromise is readily addressed and temporary.
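The contrast between the previous technique and the embodiment can be modeled in a few lines. This is an added example, not code from the disclosure. It assumes SHA-256 and HMAC-SHA256 as stand-ins for the unspecified procedure, a hypothetical `PasswordCircuit` class with a `check` operation, constructed parameter values, and a manufacturer that holds a copy of the parameter content.

```python
import hashlib
import hmac

def legacy_master_password(serial: str) -> str:
    """Previous technique: shared procedure, printed serial number as operand."""
    # SHA-256 is an assumed stand-in for the manufacturer's shared procedure.
    # Anyone who learns it can recompute this from the label on any system.
    return hashlib.sha256(serial.encode()).hexdigest()[:12]

def derive(parameter: bytes) -> bytes:
    """Assumed procedure: HMAC-SHA256 keyed by the selected parameter's content."""
    return hmac.new(parameter, b"master-password", hashlib.sha256).digest()

class PasswordCircuit:
    """Hypothetical model of the embodiment's circuitry."""

    def __init__(self, first: bytes, second: bytes):
        # Stand-in for the computer-readable medium holding both parameters.
        self._medium = {1: first, 2: second}
        self._selected = 1

    def select(self, slot: int) -> None:
        """Command that selects among the first and second parameters."""
        if slot not in self._medium:
            raise ValueError("unknown parameter slot")
        self._selected = slot

    def check(self, candidate: bytes) -> bool:
        """Constant-time comparison; the computed password is never returned."""
        return hmac.compare_digest(derive(self._medium[self._selected]), candidate)

def demo() -> dict:
    # Constructed sample parameter contents, not values from the disclosure.
    first, second = b"\x01" * 32, b"\x02" * 32
    circuit = PasswordCircuit(first, second)
    issued = derive(first)  # computed out of band by the manufacturer (assumption)
    before = circuit.check(issued)
    circuit.select(2)  # response to a compromise: switch to the second parameter
    after = circuit.check(issued)
    return {"valid_before_switch": before, "valid_after_switch": after}

if __name__ == "__main__":
    print(legacy_master_password("SN-0001"), demo())
```

Switching the selected parameter invalidates a master password issued under the first one, which is the sense in which a compromise is temporary.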